Yadhu Gopalan, co-founder and CEO of Esper.io, explains why a successful IoT edge strategy must involve timely, trustworthy IoT security updates, but updates are something that countless tech leaders have overlooked in the past.
Stagnant IoT edge devices are a business risk. A failure to drive continuous IoT updates can be detrimental to enterprise security posture. According to a recent study by Forrester and QT, 78% percent of tech leaders feel over-the-air (OTA) updates to their edge fleet are a critical priority, while 76% percent are focusing on remote diagnostics for their edge deployments.
Most IoT Edge Device Strategies Overlook IoT Security Updates
IoT edge innovation is the latest competitive battlefield for businesses. Across industries, organizations are creating new connected, smart devices to improve their customer experience or automate operations. But, brands aren’t winning advantage based on simply shipping out edge devices. Instead, the most disruptive brands are creating IoT edge innovations that offer a continuously improving customer experience.Â
A staggeringly high percentage of the 20.6 billionOpens a new window connected IoT devices in use today are unpatched and unprotected against known security vulnerabilities.Â
Also Read: What Is IoT Device Management? Definition, Key Features, and Software
93%Â of enterprise Android IoT edge devices are unpatched and vulnerable, per the Verizon MSIOpens a new window , leaving the average organization highly vulnerable to IoT-based security threats.Â
While there’s growing awareness among IT leaders that updates are crucial, practice hasn’t yet caught up with understanding. An Extreme NetworksOpens a new window survey found that 50% of organizations with an IoT edge fleet don’t practice any security measures beyond default passwords.Â
Traditional, perimeter-based security models simply aren’t sufficient to secure the growing number of smart-edge devices, owned and managed by today’s enterprise.Â
The dire state of IoT security has sparked awareness and legislation at a national and state level. The US Internet of Things Cybersecurity Improvement ActOpens a new window requires the creation of national standards for how edge devices used by the Federal Government are deployed, managed, and updated.
Also Read: Rise of the Digital Twin in Industrial IoT: Here’s What You Should Know
Enterprise tech leaders need to stop thinking of security updates as an afterthought to IoT edge deployments, especially if they hope to compete on digital transformation for edge devices. A future-proof IoT strategy must include a plan for updates, ideally before devices are deployed. Updates are not the only IoT security consideration but they’re a critically important part of the edge security framework. Here are 3 ways to future-proof IoT strategy with security updates:
1. Understand Patching Status
Security patching has never been a simple part of IT operations, and it’s significantly complicated by the fact that edge devices are remote from device operations teams. There’s little margin for error for successfully deploying updates to IoT edge devices, since few organizations can risk downtime or performance issues with their mission-critical devices.
Understanding the patching status of devices in production is key to successfully deploying and scaling up edge IoT innovations. Device operations teams need the visibility to remotely see whether security patches are available for devices and whether devices are in compliance with security policy.Â
2. Apply Security Updates Immediately
Updates from device manufacturers must be applied in a timely manner to protect against critical vulnerabilities, without impact on how the device functions. Timely security updates can protect organizations against a surprising number of IoT edge security risks. Last year, 75% Opens a new window of security attacks took advantage of unpatched vulnerabilities that were at least three years old. Applying patches in a timely manner is a critical protection against the majority of exploits.Â
3. Authenticate Security Updates
IoT edge devices are not typically vulnerable to ransomware or phishing attempts. They are, however, vulnerable to malware, being recruited to a distributed-denial-of-service (DDoS) botnet, or remote access vulnerability attacks. Last year, remote access vulnerability attacks increased 2,066%Opens a new window , and this type of threat action has the potential for devastating harm on IoT devices in healthcare, transportation, energy, and countless other industries.Â
Every line of code that is applied to an IoT edge device has the potential to change the device for better or worse. And receiving updates from an unvalidated source can lead to unauthorized malicious software on a device or unwanted remote access. Today’s tech leaders need to ensure their IoT edge device updates are trustworthy and validate the source of their patches.Â
Also Watch:Â How IoT Powers Digital Transformation for Enterprises:Tech Talk With Ericsson’s VP of IoT Strategy
Every IoT Edge Strategy Needs To Consider Security Updates
When IoT edge devices are updated, correctly configured and placed on a secure, segmented network, organizations can defend against many common security threats. It’s more important than ever for tech leaders to begin considering IoT updates earlier in the device lifecycle to adopt tooling that allows them to be nimble with respect to updating and patching.
Did you find this article helpful? Tell us what you think on LinkedInOpens a new window , TwitterOpens a new window , or FacebookOpens a new window . We’d be thrilled to hear from you.